With the continuous popularization and development of network technology, network attacks appear more and more frequently. Through various attack software, beginners with common computer knowledge can also attack the network. At the same time, the proliferation of various network viruses also increases the risk of network attacks.

H3C SecPath F1000-AI series firewall is a high-performance multi gigabit and ultra gigabit firewall VPN integrated gateway product for the industry market. Its hardware is based on multi-core processor architecture and is a 1U independent box firewall. This series of firewall products provide rich interface expansion capabilities. At the same time, as NGFW products, rich audit functions are essential, so the product series can expand large capacity hard disks, and can effectively support application acceleration functions such as Web caching after adding hard disks.

In terms of security functions, F1000-AI series, as NGFW products, not only supports firewall security functions such as security control, VPN, NAT, DOS/DDOS defense, but also integrates deep security defense functions such as IPS, AV, application control, DLP, URL classification, and user-defined filtering, realizing multi-dimensional policy control functions based on users, applications, time, geographical location, security status, etc.

The product family integrates AI computing capabilities to provide strong protection against unknown threats and APT attacks. At the same time, based on AI technology, simplify the product operation and maintenance experience.

In terms of virtualization and reliability, based on the H3C professional Comware V7 platform, it supports multi device clusters and 1: N virtualization. Elastic scalability to better adapt to the requirements of cloud computing.

Artificial intelligence characteristics

F1000-AI firewall is a new generation firewall integrated with AI analysis engine. It can also:

• Identify encryption and new applications, and provide more accurate, refined and flexible security control strategies.
  

• Identify malicious encrypted traffic and discover malicious behaviors hidden in normal encrypted traffic.
  

• Identify security risks such as exceptions, threats and attacks to provide decision-making and basis for emergency response.
  

• It is combined with cloud and situation awareness platforms to provide all-round collaborative defense.

F1000-AI firewall is a continuously evolving product, a key part of the security solution of AI integrated network, and a necessary link in the network security active defense system. It will continue to advance towards the direction of elastic architecture, encryption analysis, AI enabling, and collaborative defense.

High reliability of carrier grade equipment

• The software and hardware platforms with independent intellectual property rights of H3C Company are adopted. The product application has gone through many years of market tests from telecom operators to small and medium-sized enterprise users.
  

• It supports H3C SCF virtualization technology, which can virtualize multiple devices into a logical device and present them as a network node. Resources are managed uniformly to complete business backup and improve the overall system performance.
  

• Virtualization: supports the creation, startup, shutdown and deletion of virtual firewalls.
  

Powerful security protection function

• It supports rich attack prevention functions. Including: Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP Spoofing, IP fragment message, ARP spoofing, ARP active reverse query, illegal TCP message flag bit, oversized ICMP message, address scanning, port scanning and other attack prevention, as well as detection and defense against SYN Flood, UPD Flood, ICMP Flood, DNS Flood and other common DDoS attacks.
  

• The latest support for SOP 1: N full virtualization. Multiple logical virtual firewalls can be divided on the H3C SecPath F1000-AI device. The container based virtualization technology makes the virtual system consistent with the actual physical system characteristics, and the virtual system can be used for performance allocation such as throughput, concurrency, creation, and strategy.
  

• Support security area management. Security zones can be divided based on interfaces and VLANs.
  

• Package filtering is supported. Through the use of standard or extended access control rules between security zones, data packets can be filtered with the help of UDP or TCP ports and other information in the message. In addition, you can filter by time period.
  

• It supports application identification, and can take applications and users as the basic elements of security policy based on the access control of applications and users, and realize the access control function of the next generation in combination with defense in depth.
  

• Support the application layer status packet filtering (ASPF) function. By checking the application layer protocol information (such as FTP, HTTP, SMTP, RTSP and other application layer protocols based on TCP/UDP protocol), and monitoring the connection based application layer protocol status, it dynamically determines whether packets are allowed to pass through the firewall or discarded.
  

• Support authentication, authorization, and accounting (AAA) services. Including: authentication based on RADIUS/HWTACACS+, CHAP, PAP, etc.
  

• Support static and dynamic blacklists.
  

• Support NAT and NAT multi instance.
  

• Support VPN function. Including: support L2TP, IPSec/IKE, GRE, SSL, etc., and achieve docking with intelligent terminals.
  

• Support rich routing protocols. Support static routing, policy routing, and dynamic routing protocols such as RIP and OSPF.
  

• Support security log.
  

• Support traffic monitoring statistics and management.
  

• National secret algorithm: support the national secret SM1/2/3/4 algorithm.
  

Flexible and scalable integrated DPI deep security

• An integrated security business processing platform highly integrated with basic security protection.
  

• Comprehensive application layer traffic identification and management: Through the state machine detection and traffic interaction detection technology accumulated by H3C for a long time, it can accurately detect applications such as Thunder/Web Thunder, BitTorrent, eMule/eDonkey, WeChat, Weibo, QQ, MSN, PPLive and other P2P/IM/online games/stock speculation/online video/online multimedia; It supports the P2P flow control function. By using the method of in-depth detection on the flow, that is, by matching the network message with the characteristics of the P2P protocol message, it can accurately identify the P2P flow, so as to achieve the purpose of managing the P2P flow. At the same time, it can provide different control strategies to achieve flexible P2P flow control.
  

• High precision and high efficiency intrusion detection engine. The FIRST (Full Inspection with Rigorous State Test) engine with H3C's independent intellectual property rights is adopted. FIRST engine integrates multiple detection technologies, realizes comprehensive detection based on accurate state, and has extremely high intrusion detection accuracy; At the same time, the FIRST engine adopts the parallel detection technology, and the software and hardware can be flexibly adapted, which greatly improves the efficiency of intrusion detection.
  

• Real time virus protection: using the flow engine virus detection technology, it can quickly and accurately detect and kill viruses and other malicious codes in network traffic.
  

• Massive URL classification filtering: The device supports URL filtering based on URL categories, supports local+cloud mode, 139 classification databases, and more than 20 million URL rules.
  

• Comprehensive and timely security feature library. Through years of operation and accumulation, H3C has a senior attack feature library team in the industry, and is equipped with a professional attack and defense laboratory to keep up with the latest developments in the network security field, so as to ensure the timely and accurate update of the feature library.
  

Industry specific IPv6

• Support IPv6 state firewall, realize firewall function under IPv6 condition in a real sense, and complete IPv6 attack prevention at the same time.
  

• Support IPv4/IPv6 dual protocol stack, and support IPv6 datagram forwarding, static routing, dynamic routing, multicast routing and other functions.
  

• Support various IPv6 transition technologies, including NAT-PT, IPv6 Over IPv4 GRE tunnel, manual tunnel, 6to4 tunnel, IPv4 compatible IPv6 automatic tunnel, ISATAP tunnel, NAT444, DS Lite, etc.
  

• Support IPv6 ACL, Radius and other security technologies.
  

Next generation multi service features

• Integrate the link load balancing feature, and effectively realize the automatic multi link balancing and automatic switching of enterprise Internet exports through link status detection, link busy protection and other technologies.
  

• Integrated SSL VPN (IPV4&IPV6) features meet the security access requirements of mobile office and employee business trip. It can not only authenticate the identity of mobile users in combination with USB Key and SMS, but also integrate with the original authentication system of the enterprise to achieve integrated authentication access.
  

• Data Leakage Prevention (DLP) supports email filtering and provides SMTP email address, title, attachment and content filtering; Support web page filtering, provide HTTP URL and content filtering; Support file filtering of network transmission protocol; It supports application layer filtering and provides Java/ActiveX Blocking and SQL injection attack prevention.
  

• Intrusion Prevention (IPS) supports the identification and protection of Web attacks, such as cross site scripting attacks and SQL injection attacks. Support intrusion prevention strategies based on protection objects including but not limited to operating systems, network devices, office software, web services, etc., support protection strategies based on attack classification of vulnerabilities, malicious files, information collection attacks, etc., support protection strategies based on servers and clients, and support blacklists by default.
  

• Anti virus (AV), a high-performance virus engine, can protect more than 5 million viruses and trojans, and the virus feature library is updated daily. Support virus function based on file protocol and sharing protocol (NFS/SMB). Action response, which can find the alarm information sent by the virus and support the user to edit the alarm content.
  

• For unknown threat defense, with the help of situation awareness platform, NGFW can quickly find attacks and positioning problems to ensure that once a single point is attacked, the whole network will implement strategy upgrading and comprehensive early warning and response.
  

• In depth WEB security protection is not limited to conventional IPS/AV protection. For intranet servers, it provides detailed web application protection. For the most troublesome CC attacks on servers, abnormal outreach, SQL injection, HTTP slow attacks, cross site scripting and other common attacks, it detects and verifies the content of various requests from Web application clients to ensure their security and legitimacy, and blocks illegal requests in real time, So as to effectively protect various websites.
  

• Support intelligent terminal identification. Terminal identification is an important prerequisite for establishing a secure connection to the Internet of Things. It is used to identify terminals in the Internet of Things,. When terminal traffic flows through the device, H3C security gateway can analyze and extract terminal information, such as the manufacturer and model of the terminal, and support sending logs to users when terminal information changes to prompt users. At the same time, the application detection method and the IPID detection method are used to identify and manage the behaviors of sharing the Internet through NAT technology or agent technology.
  

• Asset scanning supports the asset discovery function. It can scan and discover the open ports and services of intranet hosts, discover risks, and identify threats.
  

• Unknown threat detection is not enough to deal with complex network environment by feature analysis alone. In the face of typical APT (Advanced Persistent Threat) attack sandbox technology is one of the most effective methods to defend against APT attacks. It is used to construct an isolated threat detection environment. H3C security gateway sends network traffic to the sandbox for isolation analysis, and the sandbox gives a conclusion on whether there is a threat. If it is detected that a certain traffic is malicious, the device will block the traffic.

Professional intelligent management

• Support intelligent security policy: support policy risk optimization, support security policy optimization analysis, support policy number redundancy and hit analysis, support automatic batch and manual one by one policy optimization based on application risk, can be displayed in fine granularity according to traffic, application, risk type, etc., and give overall security score, so that users can better manage security policies, dynamically detect intranet services, dynamically generate security policies and recommend them.
  

• It supports standard network management SNMPv3 and is compatible with SNMP v1 and v2.
  

• Provide graphical interface and easy to use Web management.
  

• The device management and firewall function can be configured through the command line interface to meet professional management and mass configuration requirements.
  

• Through the H3C IMC SSM security management center, unified management is realized, which integrates the functions of security information and event collection, analysis, response, etc., and solves the problems of mutual isolation between the network and security equipment, non intuitive network security status, slow security event response, and difficult network fault location, so that IT and security administrators can get rid of tedious management work, greatly improve work efficiency, and focus on core business.
  

• Based on advanced deep mining and analysis technology, active collection and passive reception are adopted to provide users with centralized log management functions, and logs of different types (Syslog, binary stream logs, etc.) are normalized. At the same time, high aggregation compression technology is used to store massive events, and the log files can be automatically compressed, encrypted and saved to external storage systems such as DAS, NAS or SAN to avoid the loss of important security events.
  

• Provide rich reports, mainly including application based reports, network flow based analysis reports, etc.
  

• It supports output in PDF, HTML, WORD, TXT and other formats.
  

• The report can be customized through the Web interface, including the time range of data, the source device of data, the generation cycle, and the output type.
  

• ISSU (In Service Software Upgrade) is a highly reliable way to upgrade equipment and start software. The ISSU upgrade can ensure that the business is not interrupted or the interruption time is short during the upgrade process.
  

• BLS, ATK and CFGLOG are subdivided into five types of logs, which support true paging function, add clearing function, and support independent modules to set log parameters, query and configure logs by pages.